AMP is a closer match to

carlos_galano · ‎07-07-2015

Hi

I want to know what its best, AV Sophos or AMP, if customer purchase AMP its necessary purchase Sophos AV????, exists any document with this info??

Regards

Ken Stieers · ‎07-07-2015

AMP is the SourceFire Fire AMP product added to the ESA. You should dig in to the docs on that.

At the last product briefing i was at, it waa specifically stated that it's not an Antivirus product. And it works completely differently.

I think you need both.

Bob Fayne · ‎07-08-2015

AMP is a closer match to Outbreak Filters than Signature-based AV like Sophos but it uses a lot more information to make decisions.

Mathew Huynh · ‎07-08-2015

Hello Carlos

As Bob and Ken has explained as well
AMP uses sourcefire AMP engine which was added to the ESA on version 8.5
This utilizes a cloud based scanning for reputation and filetypes to assist with real time updates from sensors and security to malicious attachments.

See AMP Information on ESA:
http://www.cisco.com/c/dam/en/us/products/collateral/security/email-security-appliance/at-a-glance-c45-730848.pdf

As per Sophos which is a traditional anti-virus scanner which relies on the definition files of analyzed strings or fingerprinting structure of an attachment to be matched.

We would suggest trialling the AMP feature initially to see if it fits your criteria for additional file scanning security.

You can work with your account manager to assist with organising a trial license of AMP.

I hope this helps.

Regards,

Matthew

Sophos vs AMP on ESA